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@ System for cooperating with a satellite transponder. 

0 A system for cooperating wnn a sateiiiie transponder (1205). the system consisting of a master uplink 
capable of transmitting a plurality of program signals to be sateliita transponder; a first source of program signals 
providing a first program signal including subscriber information to the master uplink to be transmitted to the 
satellite transponder as one of the plurality of program dgnals: and at least one additional source of additional 
program signals* a first additional source providing a first additional program sgnal to the satefllte transponder, 
the first additional source including (i) means tor extracting the subscriber information from the first program 
signal, and (ir; means for inserting the $ub;?criber information in a first different program signal to form the first 
adaraonal program signal. 
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BACKGROUND OF THE INVENTION 
1. Field of the invention 

5 The present invention relates generally to the field o1 scrambling and transmission systems and more 
specincally. to an external security module for a television signar decoder of a broadcast, satellite, or cable 
television transmission system. Additionallyp the present invention Is more specifically directed to a method 
of transmitting subscriber information to subscription television signal distributors and methods for convert- 
ing a television signal decoder to accept digital television signals. The present invention has particular 

ro application for B-type Multiplexed Analog Component (B-MAC) satellite transmission, but may also be used 
for NTSC (National Television Standards Committee), PAL, SECAM. or proposed high definition television 
formats. In addition, the scrambling system of the present invention can be used in applications in related 
fields such as electronic banking networks, telephone switching systems, cellular telephone networks, 
computer networks, etc. The system has particular application to so-callad "conditional-access* multfchan- 

rs nel television systems, where the viewer may have access to several "basic" channels, one or more 
-premium" or extra-cost channels as well as "pay-per*view' or "impulse pay-per-view" programs. 

2. Description of the Relevant Art 

20 In a pay television sy^em, a pay television service provider typically protects the signal from 

unauthorized suk>scribers and pirates through scrambling. 

For the purposes of the foltowing discusston and this invention, the term "subscriber" means one who 
is paying for the television service. The "subscriber" could thus be an individual consumer with a decoder 
in his own home, or oou/d be a system operator such as a local cable V/ operator, or a small network 
operator such as a Hotel/Motel operator with a central decoder for ail televisions in the Hotel or Motel. In 
addition, the "sufcjscriber" could be an industrial user, as described in U.S. Patent 4,866770 assigned to the 
same assignee as the present application and incorporated herein by reference. 

For the purposes of this invention, a network is defined as a program source, (such as a pay television 
provider), an encoder, {sometimes called a "headend"), a transmission means (satellite, cable, radio wave, 
ete.) and a series of decoders used by the subscribers as described above. A system is defined as a 
program source, an encoder, a transmission means, and a single receiving decoder. The system model is 
used to describe how an individual decoder in a network interacts with the encoder 

Tlie scrambling process is accomplished via a key which may itself be encrypted. Each subscriber 
wishing to receive the signal is provided with a decoder having an identification number which is unique to 
36 the decoder. The decoder may be individually authorized with a key to descramble the scrambled signal, 
provided appropriate paynnents are made for sennce. Authorization is accomplished by distributing de- 
scrambling algorithms which work in combination with the key (and other information) to payir^ subscribeis, 
and by denying that Information to non-subscril)ers and to all would-be pirates. 

The key may be transmitted as a data signal embedded in the normal television transmission 
40 associated with the identification number of the decoder. In a typical television signal, there are so-called 
-vertical Dianwng internals " (VBi) occurring in each field and "horizontal blanking intenrals" (H8I) occurring 
In each line between the chrominance and luminance signals. Various other signate can be sent "in-band" 
In tne vertical and norizontal blanking intervals including additkmal audio channels, data, and teletejct 
messages. The key can be embedded in these "blanking imen/als" as Is well known In the art- Attention is 
-5 drawn to U.a Patent No. 4,829.569 assigned to the same assignee as the present application and 
incorporated herein by reference, showing how such data can be embedded in a B-MAC signal Alter- 
natively, the key may be sent "outKjf-band" over a separate data channel or even over a telephone line. 
Maintaining security in a conditonal-access television network depends on the following requirements: 
(r) The signal scrambling techniques must be suffidentfy complex to insure that direct encryptooraohic 
so attack is not practical. ^ ^ 

(iij keys distributed to an authorized decoder cannot be read out and transferred to other decoders 
Tne first condition can be satisfied by practical scrambling algorithms now available such as the DES 
(Data Encryption Standard) or related algorithms. 

The second condition requires the physical security of certain devices within the television signal 
55 decoder and is much more difficult to satisfy. Such a device must prevent obsen/ation of both the key 
decryption process and the partially decrypted key signals. 

Figure 1 shows a prior art conditional-access system for satellite transmission. In encoder 101. the 
source program information 102 which comprises video signals, audio signals, and data is scrambled in 
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program scrambler 103 using a key from key memory 104. The scrambling techniques used may be any 
fiifch techniques which are well known in the art. The key can be a signal or code number used in the ^ 
scrambling process which is also required to "unlock" or descramble the program in program deserambler 
108 in decoder 106. In practice, one key can be used (single layer encryption) or more than one key (not 
s shown). The key is usually changed with time (i.e. - monthly) to discourage piracy. The scrambled 
programs and the key are transmitted through satellite link 105, and received by conditional-accees decoder 
106. Oocodar 106 recovers the key from tho rocoived signal, stores it in key memory 107 and applies it to 
program descrambler 108 which descrambles the scrambled program received os/er satellite link 105, and 
outputs unscrambled program 109. The system is not totally secure, as the key is transmitted in the cleer 
TO through the channel and is available for recovery by pirates. 

To overcome this difficulty and referring to prior art Figure 2. a method of protecting the key during 
distribution is mtroduced into the system of Figure 1. Prior to transmi8ek>n, the key used to scremble 
source program 202 in program scrambler 203 is recovered from key memory 204 and itself encrypted in 
key encryptor 210 using a secret serial number (86N) from eecrst serial number detabase 211 which 
fs contains a list of the secret serial numbers of all legitimate subscribers- These secret serial numbers may 
relate to the unique idsntificstion numbers mentioned afc>ove for each decoder of a network of such 
decoders. The source program has now been scrambled using the key. and the Key itself has been 
encrypted using a secret serial number. Thus, tho key is not subject to compromise or recovery during 
transmission in comparison with the system of Pigurc 1 . In order to dcscrambic the program, the pirate 
ao must first obtain the secret aortal number of o Icgrtimetc decoder, match it with the oppropriatcly encrypted 
key, decrypt the key, and then descramble the program. The secret serial number is installed in decoder 
206, for example, during manufacture in SSN memory 212 resident in decoder 206. The secret eoriol 
number is therefore unavailable to pirates provided that decoder 206 remains physically socuro. 

Each secret serial number ie unique to an individual docodor or, at least, unique to a group of decoders 
S6 in order to be reeeonsbty secure- The encrypted key may therefore be transmitted to each decoder 

individuaiiy by cycling through a database 211, containing all the secret eerial numbers of the network tn ^ 
encoder 201 and forming a separate key distribution message In an addressed data packet individually 
addressed to each authorized decoder in the network. An individual decoder recogntises when its encrypted 
key has been received by reading the key distribution message attached to the encrypted key. A typical 
ap address data packet is depicted in Rgure 9 and described more fully below. 

In known B-MAC systems, the key is distributed In an addressed data pscket individually addressed to 
a particular subscriber's decoder by means of its unique rdenitfication number. The addressed data packet 
is typically inserted in lines 4 through 8 of the vertical blanking interval. Each addressed data packet is 
typically addreseed to one individual decoder. As there are sixty fields generated per second (30 frames of 
as 2 interlaced fields each) rn a B-MAC or NTSC television signal, at the rate of one addressed data packet per 
field, a possible sixty different decoders (or groups of decoders) can be addressed each second, or 3600 
per minute, 215,000 par hour, and over 5 million per day. Since each decoder need only be addressed 
when the service level or encryption level changes, there are sufficient frames available to individually 
address each decoder even in large systems. The address rate of the decoders may be increased by 
4o transnnitting more than one addressed data packet per field. Additional data packets may be inserted in the 
vertical blanking interval or in the horizontal blanking intervals of each frame. Tho total number of possible 
addressable decoders is a funetion of the number on data bits available ior decoder eddresses. The B-MAO 
format typically uses 28 bits for decoder addresses, allowing for over 268 mlHion possible decoder 
addresses. Attention is drawn to the tinited States Advanced Television Systems Committee Report T2/62, 
45 -MULTIPLEXED ANALOG COMPONENT TELEVISION BROADCAST SYSTEM PAFiAMETER SPECIFICA- 
TIONS."' incorporated herein by reference, which describes the data format In a B-MAC signal. 

After receiving the addressed data packet, key decryptor 213 then decrypts the key using the secret 
serial number stored in SSN memory Si 58. If service to any decoder 206 in the network is to be terminated, 
the secret serial number for that decoder is simply deleted from SSN database 211. and decoder 206 is 
so deauthorized at the beginning of the next key period. *^ 
In a decoder such as the one shown in Figure 2, the pay televieion provider has to rely on tho physical 
security of the decoder box itself to prevent a pirate from reading or modifying tho secret serial number and 
key memories in the decoder or observing the key decryption process. In order to provide the necessary ^ 
physical security, decoder boxes can be equipped with tamper-proof seals, specially headed screws and 
S5 fasteners, or other tamper resistant packaging to make physical compromise of the decoder difficult. The 
subscriber ie aware that tampering with the decoder could alter the tampcrproof seals or damage the 
decoder and subsequent examination couki lead to discovery. 
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There are several disadvantages of relying on ttie physical security of the decoder to maintain system 
secu/iky. First, the pay television provider hos to meintein ownership and control over aJI of tho docodoro of 
the netmrork and then rent or lease ihe decoders to subscrit)ers. The pay television provider is thus 
responsible for maintenance of all decoders and must maintain an expensive parts inventory and main- 
5 tenance staff. In addtion, in order to initiate service, a serviceperson must make a personal visit to the 
subscrit3er*s locaiion to install ttie decoder. In a pay teievision satelJite sy^em, such installation and service 
calls could be quite costly Tor remote Insiallailons which could be located anywhere in the world. Further, 
the physical security of a decoder could be breached without fear ot discovery if a pirate could obtain a 
decoder that had t)een stolen eitner aunng tne oisuioution process or from an individual subscriber's home. 
70 Hence, the system of Figure 2 can oe secure only under the following conoitions: 

(r) I! must be impossible to read or modify the SSN and Key memories in me decoder. 

(ii) It must be impossible to observe the key decryption process, or the links between the Tour elements 

(207. 208, 212, and 213} of the decoder. 

One way to achieve both of these goals is by the use of a so-called "secure microprocessor". 
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Pecrypqon Microprecessors 



Figure 3 snows a OtocK diagram of a typical prior art microprocessor 320 with processor 321, program 
memory 3Z2, memory address bus 328, memory data 326 and memory data bus 327. In such a device, 
20 Input data 323 Is processed according to a program stored In program memory 322. producing output data 
324. Program memory 322 can be "read out" through memory data bus 327. That is, the memory can be 
stepped through by sequentially incrementing memory address 325 through memory address bus 326 Into 
program memory 322. Output memory data 326 from memory date bus 327 will reveal The entire program 
contents of microprocessor 320, including any stored descrambling algorithm and secret serial numtjer. 
2S With such data, a pirate can easily decrypz a key transmined through satellite Gnk 205 or Figure 2. 

Figure 4 shows a block diagram of an ideal secure microprocessor 420 adapted for securing an 
algorithm and secret senai number according to one aspect of the present invention. The major crtference 
between secure microprocessor 420 or Figure 4 and microprocessor 320 of Figure 3 is that both memory 
address bus 328 and memory data bus 327 are absent so there is no way to step through program 
30 memory 422 for the purpose oT reading or writing. Memory references are executed onFy by processor 421 
according to its mask-programmed code which cannot be changed. All input data 423 is treated as data tor 
processing, and all output data 424 is tTie result of processing input data 423. There is no mechanism for 
reading or nnodifying the contents of program memory 422 via the data inputs. 

Modem devices are a close approximation to this ideal secure microprocessor. There is, however, one 
39 requirement which causes a variation from the ideal. Following manufacture, there musr be a mechanism 
available to write into memory 422 the decoder specific secret serial numtjer 430. as well as decryption 
algorithm 434. If this facility were available to a pirate, he could modify the secret serial number for the 
purpose of cloning. Therefore, this facility must be permanently disabled after the set^ret serial number has 
been ont&rod. 

-« A variety of techniquee may be ueed to disable the lacility for writing into the memory. Secura 

microprocessor 420 could be provided with on-chip fusible data links 431, a software lock, or similar means 
for onabling the secret serial numtjer 430 and descrambling algorithm 434 to be loaded Into memory 422 at 
manufacture. Then, for ©sample, the fumble links shown in dashed lines are destroyed so that a pirate has 
no access to descrambling algorithm 434 or secnst serial number 430 stored in program memory 422. 
45 in an alternative embodiment the microprocessor of Rgure 4 can be secured with an "E^ bit." The "E^ 
bit", a form of sofhvare kjcK will cause the entire memory (typcaJly EEPROM) to be erased if an attempt is 
made to read out the contents of the memory. The bit* provides two advantages; first, the memory is 
secured from would-be pirates, and second, the memory erasure will indicate that tampering has occurred. 
A pirate would have to have access to extensive micro-chip facilities and a significant budget to 
00 compromise such a secure micnaprocessor. The physical security of me processor would have to be 
brcuched, destroying the proccwor and contents. However, integrated circuit technology continuously 
Improvco, and unexpected devetopments could occur whk;h might enable attacks to be made at tne 
microscopic level which are more economic than those available today. Further, the worldwide market for 
pirate decodcra for satellite transmissions would provide the economic incentive to the increasingly 
55 sophisticated pirate electronics industry to compromise such a unit. 

Copying a sirrgte decoder comprising a microprocessor according to Figure 4 coulfl lead to decoder 
clones based on the single secret serial number in that single docodor. Discovery would result in the 
tcrmfnatior> of that secret serrai number, and thus termination oT all of the clones. However, a pirate wouio 
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also have the option o1 using the single compromised unit to recover the key. The pirate could then develop 
a clecoder design which would accept the key ao a diroet input. Th&ee pirate units could thon bo illegally 
distributed to subscriberSp who would pey the pirotc for a monthly update of the key. The consequence of a 
security breach could become extremely damaging to the pey television provider. 

5 

Heplaceable Security Module 

Pay lelevrsion providers ere therefore at risk if security depends exclusively on the physical defenses of 
the secure microprocessor. Rgure S shows a device which attempts to overconne the disadvantages of the 

70 devices of Figures 1 and 2 oy providing a security device in a replaceable security module 5i4. 
Replaceat3)e security module 514 comprises Key decryptor aid, secret serial number memory S12 and key 
memory sot. as In Figure 2. encoder SOl scrambles source program e02 compfising video signals, audio 
Signals and data in program scrambler 503 using a key from key memory 504. The key Is encrypted in key 
encrypror 510 using a secret serial number (88N) rrom secret serial number database 511 which contains a 

'5 list or The secret serial numbers of all legitimate subscribers. 

The same SSN is installed in secret serial number memory 512 in replaceable security module 914 
which is removably attachable to decoder 506. Key decryptor 513 of replaceable security module 514 
decrypts the key using the secret serial number stcsred in secret serial niimber memory 512. The decrypted 
key is then stored In key memory 507. Unlike Figure 2, the entire replaceable security module le removably 

20 attached to decoder 506. Program descrambler 508 reads the decrypted key from Key memory 507 in 
replaceable security module 514 ancJ uses the key to descramble and output descrambled program 509. 
Removable security module 514 is designed to oe replaced by the subscriber, preferably without any 
spectal tools and, thus, most conventionally may comprise a piug-in module. 

The use of a plug-in external module gives tne pay television provider the ability to upgrade the 

7S tecnnology in me security device by swapping it out at very low cost. In the event of a security breach, a 
new replaceable security module containing the program scrambling algorithm and SSN could be mailed 
out to authorized subscribers. The authorized subscribers could then remove the old replaceable security 
module from tti^r decoder and insert the new replaceable security module themselves. System security is 
thus recovered without the expense of replacing the entire decoder or the expense of sending a service 

30 parson to replace the replaceable security modules in each decoder. In addition, it is not necessary for the 
pay television p>rovider to own the decoder itself. The decoder can be a generic commcrciolly available unit 
purchased by the subscriber, or even integrated into the television rtseK. To initiato acrviec. the pay 
television provider need only mail the replaceable security module to the subscriber and no service call is 
necessary. 

as Although the replaceable security module has the advantages of providing a guarantee that network 

security is recoverable following a breach, it also has some disadvantages. All the security resides in 
replaceable security module 514. and decoder 506 itself Is a generic unit The key signal which Is 
generated by replaceable security module 514 is observable at its transfer point to docoder eOG. The key 
can. however, be changed sufficiently often to ensure that it has no value to a potential piraxe. 

^ The problem with this approach is that a given removable security module 514 will operate with any 
decoder 506, and that tampering with replaceable security module 514 does not invohre damage to decoder 
506. Consequontly. if replaceable security module 514 were to bo eompromisodi piracy would become 
widespread very rapidly. 

^ Multiple Encryption Layers 

Altf)ough the devices as described above show a single key to scramble the piogram signal (so*called 
"single layer encryption any of the prior art devices could also be practiced using a multiple key ("two 
layer", "three layer", etc.) scrambling system. A mjltiple key encryption system with particular applications 

so to 0 coble television envinonment is described in U.S. Patent No. 4,890.319, to Seth-Smith, issued 
Doecmber 26. 1989, incorporated herein by reference. Figure 6 show^s an example of a prior art two layer 
eneryptron encoder 601. &Ycoder 601 contains secret serial number database 611 which contains a list oi 
secret serial numbers lor all authorized subscribers, these serial numbers preferably being 55 bits in length. 
Key memory 604 stores the "Key of the Month" (KOM) whjc;h In this embodiment can be either an "even' 

53 key for even months (February, April, June, etc.) or an "odd" key for odd months (January. March, May. 
etc.). The key could also be different for each morrth of the year, or could be made even more unique, 
depending on the available data bits for such a key. In addition, the key could be changed more frequently 
or less frequently than {he monthly basis shovwi hero. Thoao KOM's ere preferably 56 bits in length. 
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Key encryptof 610 encrypts the key setecfed from key memory 604 and outputs a series of encrypted 
key^ EsskIKOM] each dncrypted with a secret eeriaJ number from secret eerial number database 611, to 
data multiplexor 635. Seed memory 636 containc a "seed" which is ueed for ecrambling the audio and 
video signais. The "seed" can afso be a data code or a signal similar to the key described above. 
5 Preferably, the seed changes every 1/4 second. Seed encryptor 637 encrypts the seed with the key of the 
month and outputs the encrypted seed EKOMrSEED] to data muMlpfexor 635. Thus the key has been 
encrypted with the secret serial number, and the seed cneryptxsd with the key. Neither the key nor the seed 
can be easily recovered during transmission. 

In tfiia embodiment, source program 602 oomprisco a MuHiplexed AnaJog Video (MAC) signal 639 with 
10 the typical chrominance and luminance signals described previously, atong with multiplexed audio data 6S8 
which may comprise ccvcrol different audio and non-audio (data) signals. For example, Iher© may be at 
Icoat two channels of audio (stereo) and additional channels of teletext for the hearing impaired. In addition, 
there may be additional channels of audio related to the video signal such as foreign language translations! 
unrelated audio signals such as radio programs or data signals such as subscriber messages, computer 
10 data. etc. All of these signals are digitized and multiplexed together, as is well known in the art. and ttie 
resulting multiplexed analog components, data 638 is then ready to be scrambled. 

The seed passes through pseudo-random bit sequencer (PRBS) 643 and then is added to multiplexed 
audio data 636 in adder 644. Together, pseudo-random bit sequencer (PRBS) 643 and adder 644 comprise 
a bi^by-bit encryptor 645 as is well known In tiie art. The resulting scrambled multiplexed audio data Is 
so then passed to data multiplexor 635 and is multiplexed with the encrypted seed and key. 

MAC video signal 639 is scrambled In line translation scrambler 603 which scrambles the lines of the 
MAC signal using the "seed" from seed memory 636 for the scrambling algorithm. The resulting scrambled 
MAC signal is then cent to mult/plexor 632 which multiplexes the scrambled MAO signal with the output 
from data multiptexor 636. The multiple3<©d data output of data muJtipleocer 635 is modulated into pulse 
25 amplitude modulation (PAM) format by P. A.M. modulator 645. The output B-MAC signal 646 contains MAO 
video signal 639 and multiplexod PAM audio data 638. both scrambled with the seed, ©long with the seed 
encryptod with tho koy of the nnonth, and a senes of keys of the month which have bean encrypted with the 
socrot sorial numbers of the subscriber's decoders, all multiplexed toget^ier. 

In order to descramble the B-MAC signal 646, a pirate must be able to decrypt one of the encrypted 
w keys, and use that key to decrypt the seed. However, as in the single layer encryption device descHbed in 
Rgure 2. the pirate only needs to compromise one of the decoders in order to obtain a secret serial 
number, and thus decrypt the key. With the key. a pirate can then decrypt the seed, and with the seed, 
descramble the program signal. Additional "layers" of encryption (i.e. - more seeds and keys) make pirating 
more cumbersome, as tho pirate must decrypt more seeds and keys, however, once the first key ha5» been 
36 decrypted, the eubsequent keys and seeds can be decrypted as well. In the embodiment shown in Rgurc 
e, keys need be decrypted every month for the pJrat© to be able to descramble the program eignal all year. 
The secret serial numbers, seed, and key. as used in Figure 6. can be used effectively by the pay 
television provider to terminate a particular decoder by secret serial numia&r and generally diaeourage 
piracy by amateurs. However, while this system has not yet been compromised, a determined pinste may 
«i compromise such a multi-layered encryption system with the aid of a oompromised decoder, the heart of 
such piracy being the gaining of access to a seeret serial number. 

A particular problem involves the transmission of the encrypted seeds and/or encrypted KOWs with the 
encrypted program signal to individual subscribers who may have their own antenna, commonly a backyard 
reception dfsh. Referring to Rgure 11, prior systems used a central control 1181 to insert addressed data 
packets or other subscriber related Information into ti>e program signals to authorize those individual 
receivers who receive encrypted eignate directly, not thmugh a local distributor. Central control 1181 wouki 
transmrt addressed data packets, vis dedicated lines 118s, to uplink bro^caeter 1183 (e.g.. Home Box 
Ofnce. Cmemax, etc.) y^o wouki in turn multiplex the addressed data packets with their program signals 
usually encrypted. The signals would be transmitted to satellite 1105 and then back to an indivkiual receiver 
1189 typically through backyard reception antenna 1187. if o indhridual desired to receive certain programs 
they would place a calf through phone line 1188 to central control 1181. Central control in turn would relay' 
the individual-e authorisation requeat through dedicated lincc 1185 to uplink broadcasters 118S. Uplink 
broadcasters then would multiplex the Individual's new authorization code with their partcular encrypted 
program signals. The ^rfgnals would then relay through satellite transponder 110S to the individuare antenna 
1187 and into the.r decoder box where the new authorisation request would permit them to decrypt the new 
program signals. Such a system is currently used by General Inetmrnenfa Video Cypher II- TM system 
Importantly, due to the transmission limitstwr»s of dedicated jines 1185. typically telephone lines a 
broadcaster could not rapidly addrss-s ail subscribers. 
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An additional problem with the prior art involve the upgrading of current television decoders to accept 
digital television signals. Previously, local cable tclovision distributors would have to replace all existing 
converting boxea in subscriber homes with new converter boxes which could accommodate digital television 
sign sis. This was costly because new decoder boxes would have tc be distributed and the c^Jd boxes 

s coltectGd and often times destroyed. Alternatively, a local cable television distributor could distribute new 
decoder boxes which would only accept digital television signals. Thus, subacribers would have iheir 
original decoder box which would accept analog signals while the new box would accept digitaJ signals. This 
too was costly as many circuits Virithin the two boxes would be redundant, additional apliters would have to 
be added at a subscriber's home to provide for two coaxial inputs to the boxes, in addition to other 

rc annoyeuices previously mentioned. 

In view of the deficiencies of the above prior art devices, it still remains a requirement in the art to 
provide a scrambling system for pay television systems which does not reply solely on the physical 
security of the decoder connponents to maintain system integrity. 

75 SUMMARY OF THE INVeNTIQN 

The invention is defined in the claims to which reference should now be made. 

The present invention advantageously provides apparatus and a method tor transmitting the same 
authorization signals on multiple channels, to individual subscription television receivers. 
20 In an emtwdiment of the present invention, authorization signals are transmitted from a master uplink 
through a satellite transponder into a loop-back uplink. At the loop-back, program audio and video signals 
are combined with ihe authorization signals and sent back to the satellite transponder then to an indivrduat 
subscription television signal receiver. 

Many of me above-stated problems and related problems of the prior an encryption devices have been 
w solved by the pretended system which is able to iwlce-encrypt the key prior to {ransmlssfon, first with a first 
secret serial number (SSNo) of the subscriber's replaceable external security module, and again with a 
second secret serial number (SSHi) of the subscriber's decoder The double-encryption technique discour- 
ages copying the replaceable external security module, as each replaceable security module will work only 
With its mating decoder. The system also allows the replaceable security module to be replaced following a 
3o systenn breach, thus allowing for recovery of system security. Furthermore, the present invention allows for 
uninterrupted transmission of decrypted signals upon replacement of the external security module by 
providing three steps of decryption. First, incoming signals are decrypted using the second secr^ serial 
numbers of the subscriber's decoder, beiore a new replaceable external security module is inserted into the 
decoder. Second, a valid key of the month (KOM) is defivered to the Internal security module where it is 
» decrypted using en alternate secret serial numtjer (SSN). The packet is then forwarded to the new external 
security modulo whcns it is further decrypted and the valid KOM Is stored. Finally, decryption of incoming 
signals are then routed to the external security module which becomes the active security element. 

The system comprises an encoder for encoding a signal, the encoder further comprising o signal 
scrambler and a first and second key encrypters. The signal scrambler scrambles the signal and outputs a 
scrambled signal and a key for descrambling the scrambled signal. The first key cncryptor is coupled to the 
signal serembler and performe a first encyrption on the key using a first secret serial numhcr and outputs a 
once-erierypted key. The eecond key ©ncryptor is jsouplod io the first koy oncrypter and performs a further 
encryption on the once-encrypted key using a second secret serial numbor and outputs a twico-cncryptcd 

The system further comprises a transmitter coupled to the signal scrambler and the second key 
encryptor for transmitting the scrambled signal and twicccncryptcd key. 

The syetem further comprises a routing managcr^dcoodcr coupled to the tronsmittcr for receiving and 
descrambling the scrambled signal. The decoder comprises first and second key decryptors and a 
descrambler. In the twice encrypted mode, the first key decryptor is coupled to the transmitter and • 
performs a first key decryption on the twice-encrypted key using the second secret serial number and 
outputs 3 partially decrypted key. The second key decryptor is coupled to the first key decryptor and 
perform a second key decryption on tho partially decrypted key usJng the first secret serial number snd 

outputs the decrypted key. The descrambler j$ coupled to the second key decryptor and the transmitter 
and descrambles the scrambled signal using the decrypted key and outputs the descrambfed signal. The 
decoder may function without the use of a replaceable security module. In the event of a system breach or 
a service level change, a replaceable security module may then be inserted into the decoder to "upgrade- 
the decoder. 
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Furthermore, an easily connectable module or "side-car" is described which permits a standard 
decoder box to accept both arialog and digital television signals- This digital side-car is capable of 
uporading existir^ convarter boxes without the duplication of non-video components. 

These and other objects and advantages of the Invention, as well as the details of an IMustrative 
enribodiment. will be more fu/ly understood from the following spedfication and drawings in which similar 
elements in different figures are assigned the same last two digits to their reference numeral (l^.. decoder 
706 of Figure 7 and decoder a06 of Rgure 8). 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 shows an example of a prior art oonditronal-aceess system for satellite transmission with a lc«v 
signal sent in the clear to the decoder. 

FIG. 2 shows an example of a prior art conditional-access system for satellite transmisston using a 
single key encryption technique. 

FIG. 3 shows an example of a prior art microprocessor without a secure memcMv. 

FIG. 4 shows a secure microprocessor with a secure memory and fusible data links adapted for storing 
an algorithm and secret serial numfcier according to the present invention. 

FIG. S shows an example of a condrtional-access system for sateMite transmission with a repLaceabte 
security module containing a first secret serial number 

FIG. 6 shows another prior art conditional-access system for satellite transmission using an additional 
layer of encryption, 

RG- 7 shows one exemplary embodiment of the conditional-access system of the present in ventior) with 
an encoder encrypting the key with both a first and second secret serial number, a satellite transmisson 
system, and a decoder containing a first secret seriai number and a replaceable security module containino 
a second secret serial number 

FIG. 8 shows an expanded view of the decoder of FIG. 7. 
PIG. 9 shows a frame format for an addressed data packet. 
FIG, 9A shows a frame format for a system data packet. 

FIG. 10 shows communteatlons between a secure microprocessor, either internal or external, and the 
routing manager. 

RG. 11 shows a prior art system of transmitting authorization signals and addressed data packets 
between a central control and an individual television subscriber. 

FIG. 12 shows another embodiment of the present invention for transmitting the same authorfzaUon 
signals on multiple channels from a central control to an individual television subscriber. 

FIG. 13 shows another embodiment orf the present invention where the decoder depicted in FIGS. 7 and 
8 may be easjiy upgraded to accept both analog and digital television signals. 

DETAiLED DESCRIPTION QF THE PREFERHED EMBODIMEMT 

Figure 7 shows the encryption system of the r^resenX invention comprising an encoder 701 for encoding 
a source program 702 for transmission over a satellite Dnk 705 to at least one decoder 706. Accordino to 
Figure 7. the key is encrypted and addressed to individual decoders, similar to the device in Figure 5 
However, in this case, the key may be encrypted twice. 

Encoder 701 has an active security selection memory 721 containing the active security selection. The 
active secunty selection selects the fi>ced security element 719 or the replaceable security element 714 as 
the actve security element. Only the active security element will received B-MAC signals and supply the 
seed to the program scrambler 703. «>upMiy me 

A key memory 704 contains the active security selection 721 and the seed used to scramble prooram 702 
r^r.^T'^K-T"^*''^' ^ ^" 5- memory 604 could contain keys ofX monm 

K?o 7^*''^'* ^ ^"u'^^' ^ ^^"^ ^^'^ ^^^^ "^^^ ^^'^ program 702. In this 

^mtt r"^^fil technique the KOM is first encrypted in first key encryptor 710 with a first secret seriS 

w^m a second secret senal number (SSNi ) from SSN, database 716. This process continues for each SSN 

muZi^Jr^o'^M^ "^'^^ ^^'^ multiplexed with the scrambled program via 

multiplexer 732 and transmrtled via satellite link 705. 

733i^''S'J!!/*''r''?.^"^^ encrypted proaram and encrypted keys via demultiplexer 

dlLTr ^ T ^ f.^^"" d^ryption in internal security module 719 which is an integral part of ths 
decoder 706. A second decryption takes place in a replaceable external security element 714 which is 
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mounted on tha exterior of the decoder 706. for example, as a plug-in module. Alternatively, the encrypted 
key could be sent separate from the encrypted program over two separate channels as described in 
copending application serial number 473.442, incorporated herein by reference. 

Internal fixed security module 719 is the default security element v^hen the replaceable external security 

5 module 7ld is not installed. Internal security module 719 will receive system data routed from routing 
manoger 708. The suthorizotion ond control data witf proferat>ly comprise or include addressed data packets 
ea depicted in FIG. 9 end syatcm date packets depicted in 9A. Addressed data packets 9e include 
preferably a 38 bit user identificsEtion number or address 9a which is sent unencrypted. This user address 
corresponds to a user eddress contained in both internal and external security modules 719 and 714. The 

ro routing mansger 708 senses the unique user address of only internal security module 719 and correspond- 
ingly routes the entire addressed data packet dc to the opccified security modulo. Following the user 
address are two unencrypted bits Sb and 9c. The first bit 9b determines whether the addressed data packet 
is to be ultimately routed to the inrernal security module 719 or to the external secunty module 714. The 
second bit 9c determines whether the information which follows, encrypted information 9d, is encrypted 

'9 either once or twice. If bit 9c indicates double encryption, then both the internal security modulo 719 and 
the external security module 714 are required to decrypt it. The bits of encrypted data 9d would include 
authorization and control dala, e.g., the key of the month, subscriber authorization data such as user tier 
information, pay-per-view ink>rmation, or other subacriber specific or decoder epccific data. Generally, 
authorization data determtnea whether a particular subscriber or decoder is autherteed to reeeive end 

90 decrypt a particular program or view pey-per«view progronns, etc. Control data may include signals to 
determine where data packets are routed, energy management data, bui^tar alarm data, or other decoder 
component enabling signols. 

Toblc 1 shows how addrcoscd doto packets 9e are routed doperKling upon the value of bits 9b and 9e. 

2S TABLE 1 



Destination Bit 9b 


Encryption Bit 9c 


Routing of Address Data Packet (AOP) Result 


Internal 


single 


ADP to internal security module only 


internal 


double 


ADP to external module first, then to internal 


external 


single 


ADP to eMtemal eeeurity module only 


external 


double 


ADP to internal module first, then to external 



The system data packet shown in Rgure 9A contains program specific information and is eent and 
processed by all decoders. The system data packet Bh includes an intemai/external destination bit 9f similar 
to bit db in addressed dsta packet 9e. Bit 9f detormines where the system data packet is routed by routing 
manager 708. speejfieally» whether packet 9h is routed to the internal or the external security module. The 
40 intornnation following. 9g. is encrypted data including the encryption seed, program tier information which 
determines in which tier the particular program is located, the cost of the program for pay-per-view 
purposes, checksum bits, and any additional information which ie epectlic lo the program or channel in 
which system data packet dh is transmitted. Restating, system data packets 9h are specHic to a particular 
program or channel, and are ptreferably inserted by program broadcasters (shown as 1183 in Figure 11 and 
45 1286 in Figure 12). Each program is preferably encrypted with its unique seed. 

As discussed earlier with reference to Figure 6, the internal and external security modules must first 
receive and decrypt their unique addressed data packets to recover the key of the month. Using this key of 
the month then, the internal and external seeurity modules would use this key of the month to decrypt the 
seed from system data packets 9h. Finally, the seed is sent from the security module through routing 
so manager to video deecrambler 873 or audia'data decryptor 874 so as to decrypt a program video or audio. 

All data contained in addressed data packet 9e and system data packet Gh may be processed by tfie 
internal ^curity module 719. Similarly, the external security module 714 may replace the funotionaJity of 
the Internal security module 719 when it is installed. External security module 714 will be used as the active 
security element when directed by unencrypted data brt Of of system data packet 0h. This alkiws external 
S£ security module 714 to be deployed, inserted and authorized with addressed data packet information 
(particularly, KOM'e) before the system switches the active jsecurity element from the intemal security 
module 719 to the external security module 714. This process will be described more fully below. As 
previously mentioned, addressed data packets 9e contain user addresses 9a which is unencrypted and 
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unique to each internal security module 719. The externaJ security module 714 also has a unique user 
address which is used to track location of extornal modules. Once the external security modulo 714 ig 
inserted, it may customise itsetf to the user address of the internal security module 719 by having the user 
oddncss of Internal security modulo 719 route fts oddrcss to external sccurily module 714 which may store 
this address in secure memory 720. 

The addressed data packets 9e ore used to deWver decoder specific information to a single decoder, 
prctcrably using the loop-back method described bstow with respect to Rguro 12. In a B-MAC television 
a'gnal. the oddressed data packets are preferably transmitted during the vertical blanking interval of each 
frame as discussed in the background of the invention. Each subscriber would have a unique address data 
packet conesponding lo their decoder 706. Each decoder is assigned a single unique user address and a 
corresponding secret serial number (SSN). The user address end con'esponding secret serial number are 
not Identical, nor or they related. Pr«forably. the secnst serial numbers are generated using a rauidom 
number generator. When an addnsss data packet with a corresponding user address is received, the packet 
can be decrypted thus revealing the KOM and data. AJI decrypted data (e.g.. KOM's. tier data, PPV. etc) is 
held wfthin a secure memory within the module (707 or 720). The packets preferably contain «i checksum 
which 19 U5od to verify both correct reception and decryption of the data. All addressed data packets are 
received by the routing manager 708. and. depending upon the value of bit 9b, sent to the indicated 
secunty module for decryption. The decrypted and stoied data Is used by the conditional access software 
or program authorization software contained within the security modules to determine whether a particular 
program is to be decrypted depending upon a subscriber's tier, pay-per-view account, etc Security 
modules 714 and 719 also determine whether a particular piece of encrypted data is to be placed within its 
secure memory module. For example, the call back telephone number used by modem 875 need not be 
stored in the secure memoiy, and thus, is passed to the modem. 

Both replaceable security module 714 and an internal security element 718 of decoder TOS may be 
constructed according to the principles of Figure 4. For example, the second secret serial number SSN, 
may be loaded into SSNi memory 717 of module 714 vJa fusible links, and then these links destroyed 
dunng manufecture. Similarly, SSNo memory 712 of Internal security element 71S may be loaded during 
manufacture over a fusible link and then the link destroyed. Also over e fusible Unk, algorithms may be 
loaded mto key decryptors 718, 713 during manufacture and the Fusible links subsequently destroyed 

The roploccabic security module provider the pay television provider with the option of replacing 
system security by mailing out new repJoccablo security modules to all outhorizcd subscribers. Returned 
replaceable security modules Tt4 could be rc^tiscd for a different decoder ff the links were not dostroyod 
by reprogramming the SSNo and SSN, databases 711 and TIB to correspond to the combination of the first 
secret serial number of decoder 706 with the second socr^ serial number of security module 714. 
Preferably the returned replacesble security modules 714 are destroyed, and a new replaceable security 
modulo 714 sent to a subscriber, incorporating changes and improvements In the eecurity technology to 
thwart potential pirates. In the event of a security breach, it is only necessary to replace the replaceable 
8^r.ty module snd not the complete decoder in order to lestere system eeeurity. Most advantagaously. 
th^ subscnber replaces the external eecurity module without special assistance, and returns the oldmodule 
to the service provider. 

Referring to Rgur* 8. an enlarged picture of emwder 706 is shoyvn, particularly, program desciam- 
bter/routing manager 708 is more fully depicted. lncoinir,g television eignals. preferably B-MAC talavision 
8.gnate, ar« ,nput into don^uKiplexer 833. The demultlptexer aeparatoa video, digital audio. lotetaM, and 
aUhon«t.on and control data. The authorisation and cont«,l data, particularly add«.s»d data pack*;, 9o 
and system data packets 9h. are input into display and communication processor 870. Demultiplexer 833 

i ter^lT •J"*'.'*'^.""? Furthermore, the incoming signal 

.s formattod.nto.a form which is moro easily usable by the display and communications processor 870. 

intel.^« ^''at^*"*^^* f^'^^^^'y addressed data packets 9e are input into the user 

u^'l ^ ^"""""^ ""^"^^^ 'display and oommunication processor 870. 

ir^^L^^S^Tlf^ ^ *^ processor 878 to handle. tha«,»ore demuHiplexor 

d^rlr floT If ^ . Addressed date packet 9e contains tha unique user addre^Sa of this particu^ 
t^u^S, r!l "^^^^^l " ^ *° "'"9'^ encryption, user interface logic 871 commands 

^curTt^ :^^'"^'"*:'|f' ^^'^ «ddre»sed data packet into intcrnol 5eeu)% modulo (inbo^ 

coupler 879 to the ^eternal security module (outboard security elerf«nt or OSE) 814. See Table 1 . 



10 



SOOCIO;.<EF 067302SAI I > 

S<S 04-02-07 02:21 



St5t-SUZUYE & S 20 



BNS oaoe 10 



EP 0 €79 029 A1 



If encryption brt 9c is set for single enoyption, then depending upon destination bit 9b, either the 
internal or e>demal security modMie decrypts th© encrypted addrese data packet informeiion 9d. Once the 
KOM is decrypted, it is stored in secure memory 720 and 707. then used to decrypt the seed. This seed, 
prcfcrsibly changing very frequently conDporcd wrth the KOM, for example, every 1/4 second, is then routed 

5 from either the internal or external security module through routing manager 872 to video descramblar 873 
or audio/data decrypior 874. The seeds are used in video descrambler 873 and audio/data decryptor 874 to 
decrypt the video and audio/data respectively. Since the seed changes so frequently, every 1/4 second, it is 
not critical that the seed is sent unencrypted to video descrambler 873 and audio/data decryptor 874. 

K encryption bit 9c is set for doubling encryption and destination bit 9b Is set to external, then an 

10 inconning addressed data packet ee is partially decrypted first in the internal security module using a first 
secret/confidential serial number, and then finally decrypted in the external security module using a second 
secret/corrfidential serial number. The KOM is once again sfoied in secui^ memory 720 and is used to 
decrypt the seed. 

Coupler 873 is also connected to audio^data decrypior 874 to allow for the audloAlata decryptor to be 
T5 upgraded by an external security module 814 which could contain additional decrypting aigorrthms directed 
to audio/data only. This would provide for Increasing security of encrypted audio if current encryption of the 
audio had been compromised. 

Telephone modem 875 may Include a microprocessor to allow either the internal or external security 
modules 819 and 614 to communicate to encoder 701 or other fadliiles via telephone lines. This feature will 
20 be discussed more fully below. 

Also shown in Figure 8 are front panel display 878 which includes iriput buttons for a subscriber and a 
display preferably on tho front of decoder box 806. On-screen displays/teleteTtt 677 provides for on-screen 
messages or teletext to be efther overlayed or displayed on a aubscrilTor's television screen. 

M Tranaferrliifl Scourity Punotion^ Between Mpdulee 

Tho process of trooGfening the security functions from the internal security module to the external 
eecurily modulo will bo doscribod now. Initially, all security functions are performed by internal security 
module 719. If a security breach occurs, it may be defended against by manufacturing and distributing 
9c exterrial security modules with instructions for installation into decoder 70G. At this point, the external 
security element doe« not have a valid key of the month in its secure memory 720 nor any oppioprifirte tier 
and ©vent numbers for the particular subscriber. Therefore, the extemal eecurity element 714 cannot yet 
perform any independent security functions. 

The KOM ie delivered to the interrml and external security modules using er^crypted addressed data 
as packets 8e. Beoause tho external security ^\&m&rA is installed to upgrade security, the addressed data 
packet© for the internal security modul& and the d)ctornaJ security module are encrypted differently using 
KOWs unique to each Internal and each external security module. Therefore, the non-encrypted bit 9b 
determine© the destination of the address data packet 9e. as shown in Table l above. 

During this transition stage, addressed data packets carrying the next KOM are transmitted with 
40 destination bit 9b set to the external security module, with encryption bit 9c set to double encryption. The 
routing manager 708 still delivers the address data paeket Oe to the internal security module first, but now 
the internal security module decrypts the address data packel 9d using an ahemste secret serial number 
contained within its secret seriaJ number memory 71 a This altarnate secret serial number is not the one 
which is nomnally used by the internal security module for decrypting addressed data packets 9d. The 
15 result of this decryption using the alternate secret serial number is passed back to the routing manager 872 
and forwarded to the external security module 814 for final decryption using the secret serial number of the 
external security module. Thus, the key of the month is twice encrypted, first with the alternate secret serial 
number and second wHh the eHternal security module's secret serial number. This twice encryption 
prevents casual migration of external security modules between decoders 706 since both decoder-specific 
0 decryptions must bo successful. Restating, the KOM is twice encrypted during the transhion stage with a 
secret senal number stored in the secure memory of the internal security module, and o secret serial 
number stored in the secure m^oty of the eKtemaf security moduk> for each internal and external security 
module In existence. 

If the KOM was not twice encrypted with an alternate SSN, then a pirete could alter destination and 
5 encryption b.ts Ob and 9c to transmit a decrypted KOM between security modules, and thus intercept is 
during transmission. By using the alternate SSN. if tampering of destinaiion and encryption bits occur, the 
mtemaJ security module would believe the encrypted KOM were encrypted using the regular SSN, and thus 
could not decrypt the KOM. Only partially decrypted KOM's are passed between modules and only in the 



11 



>iSDOCiO: cBF 067S028A1 I > 



04-02-07 02:21 



Si$t-suzuYE & s \'-r zi 



EP 0 679 029 A1 



double encryption state. The present system prohibits the use of exchanging external security modules 
. between decoders since both SSNs must correspond with a twice encrypted KOM. 

When the next KOM has been transmitted to and stored in alt decoders TOe, then the encoder 701 
preferably changes the system data packet destination bit 9f to the external security module and encryption 

5 bH 9c to double encryption. The external security module 714 now becomes the active security element 
arwl assumes all security functiona. Thus, the decrypting seeds are now decrypted with the KOM and 
released from the e>«temal security module 714 through security routing manager 872 to the video 
descramfoler 873 and audio/data decryptor 874« S'mce the external security module now also contains the 
subscriber's authorisation data such as program and service tiers, and pay-per-view event authorization in 

io its secure non-volot'lc memory, rt may conditionelly release seeds to decrypt opectfic programs Indspen* 
dent from the internal security module. Similarly, being an independent security module, the external 
security module may record impulse pay-per-view event purchases from the user interiace logic 871 and 
upload this infonmatron to a phone manager via telephone modem 875 using encrypted communications as 
described below. Encryption bit dc may be changed to single encryption if so desired. The reason for 

T5 adding an external security module is to recover security after the internal security module had been 
comprtaed- Thus, in the pireferred embodinfient* double encryption is used and the external aecurity module 
becomes the active security element upon compromise of the internal security module. 

Once external security modules hove been deployed, new accurity functions (including new secret 
serial numbers, onerypting algorithms, software or physical security) may be incorporated into the internal 

to security nr>odule so that an oxtomal security module is not required in new decoder boxes which are 
distributed alter external security modules have been distributed. Still, an empty coupler 879 is provided for 
hjturo external security modules. To provido for compatible transmission to future oxtomal security 
modulos, tho intornol occurity module in theso new decoder boxes must functionally omulato tho provtoue- 
generation intomal security modulo, as well as pe rf or m the some hjnetion as the tntornal-external soeurity 

?s module combination, and it must respond to both address data packet deaHnstton bit 9b and encrypb'on bit 
dc. 

If a previously distributed eoctemaJ eecurity module ie compromieed, s new external security module is 
deployed, with tho subseriber removing th© old and inserting the now. The now oxiornal seeurity module 
will not have the key of the month, or tht3 subscriber's authorization and control data such as tiers or event 
so numbers. Therefore, to maintain continuity of service, all security and authorization functions aro' temporarily 
returngd to the internal security module. Prior to distribution/mailing of th© new external security modules, 
addressed data packets are transmitted with the destination bit 9b set to the internal security module and 
encryption bit dc set to single encryption. Thereafter, the previously described steps are perfonmed with 
encryption bit Oe^ehanging to double encryption to allow the new KOM to be twice decrypted and stored in 
35 the new external s^urity module. Finally, security, authorization and control functione are switched to the 
esdem^l security module with encryption bite set for either or double. 

Summarizing, if a system breach occurs, the pay television provider then mails out replaceable external 
security modules to subscribers, switches decryption to the internal security module until all decoders have 
the new KOM. then uses decryption through the external security module only or uses: the double 
40 encryption technique, and thus recovers syslem security. The optional usage of the replaceable external 
security module has other attractive tienefits as well. Sul^scribers who do nor pay for any premium channais 
may not be sent a replaceable security module, as the -basic* channels may only use a once-encrypted 
key or may even be sent in the clear. If the subscriber uvishes to upgrade to a premium channel or 
channels, the pay television provider may then mail that subscriber the appropriate replaceable security 
45 module. 

In addition, the replaceable security module may be used to add other additional features. Many cable 
television systems , offer optional sendees, such as IPPV (Impulse-Pay-Per-View) which require two-way 
communication between the decoder 706 and the headend. In the past, if a subscriber wished to upgrade to 
IPPV service, a subscriber's detxxJer would have to be altered by inserting a IPPV module internally or by 

50 adding an IPPV "side car" eytornally. Alternatively, the entire decoder would have to be replaced. AU three 
options would necessitate a service call, causing inconvenience to the subscriber* and eypense to the pay 
televfsbn provider. Similarly, when a pay television provider wishes to upgrade its entire encodflarydocod^tr 
system , it must provide a new decoder to each subscriber which will work In the Interim with both the old 
and new encoding techniques, as it Is nearly impossuble to replj^© all subscriber decoders simultaneously. 

55 Thus a decoder manufacturer is faced with the added expense of providing his state-of-the-art decoder with 
extra circuitry in order to function with th© pay television provider's old encoder for the few months during 
the change over period. 
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In all of the above instances of upgrading existing service, the replaceable security module 714 may be 
used to*upgrQde the decoder 708 without the expanse and inconwiience of e service cell- The reptaccabto 
security module 714 may be mailed to the subscriber and the subscriber can then insert the replaceable 
security module 714 and instantly upgrade the decoder or add additional features (such as IPPV). alter the 
decoding technique, or provide an additional level of. security. Preferably, IPPV Is incorporated within the 
decoder 706. Notably, the replaceable security module 714 may add additional software features to the 
decoder. 

The replaceable security module 714 may take one oT several forms, in the preTen-ed emtjodiment. tfte 
module may comprise a "smart card", a plastic "credit card" witfi a bufft-in microprocessor (sucn as a 
68MC11 microprocessor), sucn as described by trie international sranoards Organization in standard ISO 
7816/1 and IS07816/2. AffenDon is drawn to U.S. Patent rsio. 4,64i,i33 issued June 20, i989 and 
incorporated herein by reference, describing such a "sman card." Trie "smarr card" may be equipped with 
a series of electrical contacts which connect to contacts in coupler 879. Preferably 16 contacts are provided 
so as to allow for plenty of expansion room if additional features are included in the future, since onry 6 to 8 
75 of me contacts would be used oy ms present invention. The contaas may provide power to tne card, along 
witn clock signals and data transmission. Additional contacts may be provided to allow connection between 
coupler 879 to audio/data decryptor 874. These additional contacts would allow for additional decrypting 
algorithms to be applied in conjunction wiih or independent from those decrypting algorithms contained in 
decryptor 874 or for some other purpose. 
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Use of Telephone Oontroller/Modem 



Pay-per-view programming is defined here as any programming where the subscriber can request 
authorization to waicn a particular program, in many pay television sysremsp pay-per-view programming is 

PS used for sporting evems (boxing, wrestling, etc,) wnicn are not transmitied on a regular basfs. a subscnber 
wishing to view the event must receive authortzailon in the form of a special descrambfer mechartism. or in 
the form of a special code transmitted or input to the subscriber's decoder. Some pay-per-view teievision 
systems allow the subscriber to request a pay-per-view program <i.e. - movies) to watch. The pay television 
provider then transmits the requested program and authorizes that subscrftier*s decoder to receive the 

30 Signal. 

Impulse pay-per-view <IPPV) programming 1$ defined here as any programming where the subscriber 
has a pre-authori2ed numlaer of -credits" ^aved in his individual decoder. If a subscriber wisrios to view a 
particular program, the subscrfber merely actuates the decoder, the appropriate number of credits are 
subtracted from the subscriber's remaining credits, and the subscriber is immediately able to view the 
oc progrem. Pay television systems are disclosed, for escample. in U.S. Patent r^. 4.484,217 and 4,163.254 to 
Block, incorporated herein by reference. 

In a pay-per-view embodiment of the present Invention, the decoder may send a signal to the headend 
via the telephone controller/modem 875 with a request lor authorisation to decode a pay-per-view program. 
Preferably however, secure memories 720 and 707 store authorization information <i.e»-creiSts) for pay-per- 
40 view pfXDgramming, and the security modules fbrward actual pay-par^view data via the telephone controi- 
IcrAnodem 075 at a later time. 

The telephone controller 940 could be a computer modem type device, or could work using touch-tone 
signals to communicate with the headend. Preferably, the telephone controller is a modem type device, 
commumcsting with the headend using a frequency shift keying or FSK protocol. Attention is drwwn to U.S 
45 Patent No. 4,926,444. issued May IS, 1990. describing FSK operation and incorporated herein by reference. 
The pay television provider can thus send appropriate authorization infonriation (TEL) to the subscriber, 
encrypted with a subscriber's secret telephone number (STN). The secret telephone number is nor a 
telephone number in ihe ordinory sense, but raxher another type of secret serial number, which could be 
assigned to a given telephone contfoller/modem 875 or series of telephone controters. Once received by 
5o processor 870 of decoder 908. the authorization information may be routed and used to enable descram- 
Wing of a particular pay-per^'rew program or pn3grams. 

In another embodiment, whrch could be used In conjunaion wiih the pay-per-view embodlmeni 
described above, the telephone controller/modem can be used to receive the KOM encrypted with the 
secret telephone number. The encrypted program signal is input to decoder a06 through modem 875 into 
processor 070. Modem 875 rnusl be capable of providing the functions of demultiplexer 833 SO as to 
separate the addressed data packets 9e. Input them into processor 870 which will then route them to the 
proscribed security module. 
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The telephone controller STB can be prograryvned to call the headend at a predetermined time or at a 
, predetormined time interval, or upon receiving s aignal from the headend preferably v/hon phone usago is 
et s minimum <i.c. - early morning hours). Tho telephone contro«or can call the headend vie a toll <reo 1-8O0 
number, a so-celled "watts • line, or via a local call 16 a commercial data link such as TVMNET or 
5 TELENET. Preferably, the present Invention would use the data retum system described in application 
entitled DATA RETURN FOR A TELEVISION TRANSMISSION SYSTEM, having serial number 
• incorporated herein by reference. Once the coJI is connectod and communicstione estab- 
lished, the decoder 806 uploads to the headend o rocord of pey-pcr-view usage encrypted with the secret 
telephone STNi . The headend may then download data similarly encrypted to the decoder 80e including 
TO new keys, secret serial numbers, or decryption algorithms. The encrypted key or other encrypted data may 
be sent to either internal securrty element 819. or the replaceable security module 814. The Information 
transmitted from the headend may com© vie the telephone line through modem 875 into proceaeor 870 or 
preferabty through the satellite TV input into box 833 and on inio processor 870. 

As discuased above, a new secret serial number or decrypilon algorithm, encrypted with the secret 
73 telephone number, may be sent from the headend to d decoder through telephone controller 87S. The 
encrypted secret serial number or decryption algorithm Is then decrypted and stored in the selected 
security modules. This downloading of decryption algorithms and secret serial numbers via the telephone 
controller 875 is sometimes called an "E=» palch'. and allows the pay television pirtvidcr to maintain or 
recover ayatem security by loading new inPonnnotion into a decoder's EEPROM. An patch doee not 
eo necessarily entail changing the entire decryption olgorrthm in the decoder 806. The aecret serial number or 
merely a portion of the decryption algorithm, such as a particular byte or data table need only be changed 
in order to sufrieiently alter th© decryption algorithm. Th© £2 patch allows th© pay television proWdor or 
upgrade th© encryption system to fix "buga" and recover system security. 

After receiving a signal through th© telephone controller 875. the headend will sand an aoknowlodgmont 
ts signal to tho docodor, indicating thai information has been reeehred. Similarly, after data has been 
downloaded from tho headend to the ddceder through the telephone cortroMer/modem, th© docodor will 
rotum an acknowlodgmont signal through modem 875 to th© headend that data has fc»een reeeived. Mdreto, 
tho present invention would preferably use the data return system described in applieation entitled DATA 

RETURN FOR A TELEVISION TRANSMISSION SYSTEM, having serial number . incorporated 

so herein by reference. 

In addition to pay-per-view requests or records, telephone controller 875 can also be used to upload 
other signals from the decoder. For example, tamper protection information soeh as described in connection 
with Figuire 4 can be sent indicating whether ornot the decoder has been tampered with- Further, program 
viewing infomnation can be uploaded to the pay television provider for television rating purposes (i.e., - 
SB Nfielson ratings). 

In general, any data that can be delivwed via th© B-MAC input of Figure 9 (or NTSC, PAL, SECAM, 
etc.) can also be downloaded Ihrough the telephone controller 875. Such infonriation includes, but is not 
limited to. blackout codes, tiering information, personal messages, number of available credits, group 
Identification numbers, and other system data Generally, the telephone controller 875 is used for infrequent 
communications, such as periodic security level changes and IPPV requests, due to the limited bandwidth 
of telephone lines and the increased cost of sending information via telephone versus the B-MAC input. 

The telephone information (TEL) encrypted with the secret telephone number (STN) remains encrypted 
throughout the decoder 806 and may only be decrypted in the security modules. Th© decrypted telephone 
information does not pass out of the security modules, in order to prevenl obsen/alion by a pirate. For 
45 decoder 80S to descramble a scrambled program, both the telephone information and the addressed data 
packet received through the B-MAC input must be present By relying on both information sounies. piracy 
Is virtually fmposstoje, as the potential pirate musst break into the pay televisfon provider's telephone system 
as well as decrypt a Iwice-encrypted key. 

ngure 10 shows communications between a secure microprocessor, either Internal or external, and the 
routing manager. Decoder 1O06 compHses secure microprocessor 1050 with secund memory 1052. Secure 
rnemory 1052 contains a set of secret serial numbers SSNo. a secret telephone number STN© unique to 
that decoder or a senes of decoders loaded during manufacture and secured with an -£2 bit- as discoid 
in connection with Figure 4 or other security, the encryption algorithm E. and other authorization informa- 
tion. Encrypted program signal E„orv,o{SYS) 1053 and once-encrypted key-of-lhe-month EssNofKOMO) 1054 
are mpul to decoder 1006 along with optional encrypted telephone data E^yn^ofTEL) 1055. 

Secure microprocessor 1050 decrypts encrypted telephone data B;^(TBL) 1055 using the secret 
telephone number stNq stored in secure memory 1052. The decrypted telephone data (TEL) is also stored 
in secure memory 10W to prevent obeervaiion by pirates. The telephone data (TBI) may provide 
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authorization information to decoder 1006 as to whether decoder 1006 is presently authorized to decrypt 
some or all of the roceived encrypted programs. In dddrtion, other infornriatipn may be transferred between 
the decoder and the headend as discussed in connection with Figure 6. 

5 Transmission of Addressed Data Paclcets 

Regarding the transmission of the encrypted signal with the addressed data packets 9e, previous 
systems incorporated a central control at the broadcasting uplink. As previously discussed and referring to 
Figure 11, prior eyetems used a central control 1181 to insert addressed data packets or other subscriber 
to related information into the program signals to authorize those individual receivers who receive encrypted 
signals directly, not through a local distributor. Central control 1131 would transmit addressed data packets. 
Via dedicated lines 1186. to uplink broadcaster 1188 (e.g., Home Box Office. Cinemax, ere.) who would in 
tum multiplex the addressed data packets with their program signals, usually encrypted. 

Under the new system and referring to Figure i2, e subscriber authoriaation computer 1282 and 
75 supervisory control computer 1280 are provided which input the same subscriber and system data via 
addressed and system data packets Qe and 9h to master uplink 1284, The subscriber authorization 
computer 1282 and the supervisory control computer 1280 are tioth current products manufactured and 
sold by Scfentffic*Atlanta. Subscriber authorization computer 1282 contains all sut>scnber or decoder 
specific data in a large database. This subscriber specific data is then formatted into addressed data 
so packets 9e for multiplexing with audio and video in mastor uplink 1284. Similarly^ subscriber aLrthorization 
computer 1282 contains system wide information specific to particular programs in a large database and is 
formatted into system date packets 9h for transmission. Master uplink 1284 multiplexes the system and 
addressed data packets with audio and video to produce a typical B-MAC signal. This signal may be 
received by any subscriber who may use the data packets to decrypt the progtsm. The addressed and 
35 system data packets 9© and dh are then transmitted on a channel with the audio and video to satellite 
transponder 1205 via satellite uplink 1283. 

Th© sigr\al is reflected from satellite transponder 1206 to «at»^JIite roceiv^kr and uplink 128a The 
addressed and systann data packets are received by loop-back uplink 1286 where they are stripped away 
from the audio and video program signals inserted al master uplink 1284. The packets are then multiplexed 
30 with different audio and video program signals and retransmitted to satellite transponder 1205. The 
combined signals are then transmitted to the Individual receiver 1289 via receiver 1283 where they are 
decrypted. With this system, addressed data packets may be received by se^^ral loop-back uplink 
broadcasters who may multiplex these packets with their scrambled program signals. They may also take 
selected portions from the system data packet gh. for example, tier information, pay-per-view cost data, etc, 
3S In this way. all loop-back uplink broadcasters preferatsiy send broadcasted B-JUIAC program signals with 
data packets to all subscritsers. A subscritser may tune to any channel to receive both the scrambled 
program and data packets to decrypt the program. The system wide data which may be combined at loop- 
back uolink 1286 preferably includes the call-back data descritsed in application having serial number 

. entitled DATA RETURN FOR TELEVISION TRANSMISSION SYSTEM, incorporated herein 

40 by reference. 

In This system, the need for dedicated lines 1185 to each broadcaster is obviated since the addressdd 
data packets may be transmitted from niaster uplink 1284 to a variety of loop-back uplinks 1286 for the 
various program distributors (e.o.. HBO. Cinemax. etc.). The addressed andi system data packets are in the 
form depicted in FIGS. 9 and 9A respectwely, and preferably placed in a B-MAC format Thus, loop-back 
45 uplink 1286 must decode the B-MAC signals to remove the loop-back formatting so as to extract each 
rndfvldual encrypted address data packet 9e to be multiplexed with their particular encrypted progrm 
signal. 

Additionally, the present invention may operate in a full field KOM mode which would be able to rapidly 
address all decoders 706 in the network. In a B-MAC television signal, the addressed data packets are 

so preferably transmitted during the vertical blanking interval of each frame as discussed in the background of 
the invention. TypicaJJy, KOMs and addressed data packets are sent ditniyg five lines of the vertica/ blanking 
interval for each fieki. This produces roughly 6.000 bytes per second of data. This amount of data may be 
transmitted over dedicated lines 1185 of the prior art. However, if a broadcaster wanted to rapidly address 
all subscribers they were limited by the transmission capabilities of the dedicated line© iias typically 

55 telephone lines by a telephone company. Under the present invention, roughly 500 kilobytes per second of 
date may be sent in the full field mode. 204 video lines plus the 5 vertical blanking interval lines aro 
available in this nrwde, per field, for transmitting addressed data packets. Consequently, if a broadcaster 
wanted to rapidly authorize PPV or IPPV viewing for a recently upcoming program {e.9., a boxing match), 
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the broadcaster may do so with the present system. A text screen may appear on all subscriber's felevision 
sets which may indicate what was occurring. 

With this system, an individual subscriber with a sateHlte receiving dish may receiver program signals 
end data packets from al) satellites, regardless of which channel he is tuned. If he is authorized to decrypt a 
particular program signal, the signal will contain his unique address data packet which is routed by 
processor 870 and decrypted by the particular security module. 

Digitaily Upgrading the Decoder 

Referring to Figure 13. a meihod of converifng The analog decoder box depicted in Figure 7 as 706 ana 
rigure a as 800 from an analog configuration lo also accepi digital television signals Is shown. The original 
analog decoder box Is depicted as 1306 where incoming signals are aown convenea in down convener 
1365. Preferably incoming signals are in the L band region, having frequencies between 0.95 and 1.45 
gigahertz, however, any other frequencies may be used. These frequencies are down oonvertea to a fixed 
frequency more manageable by the decoder, preferably to a 6i2 megahertz intermediate frequency. Tne 
signals are then demodulared In FfVI demodulator 1366 and transmined :o decoder i36e Oirougn switch 
1367. Preferably, the signals are in a B-MAC form and therefore decoder 1368 decodes and decrypts the 
B-MAC signal to its audio, IMTSC video and channel 3 signals © be input imo a standard leleviston receiver. 

To upgrade the system to accept digital signals, a "digital side-car" 1330 may be added by using a 
simpte four lead connection. Tap 1337 allows the down convened signals to be input into the quadrature 
phase shift key demodulator 1391 of side-car 1390. Preferably a 40 megabytes per second demodulator Is 
used. The demodulated signals are then input into error correcting and demultiplexer 1392. Block 1392 also 
provides correct timing for the signals in side-car 1330. 

Switch 1367 would be placed in a second position to receive digital signals whereby analog signals 
5 from digital to analog (D/A) converter 1396 are input irrto decoder cand fsea Tuning micn^proccssor 13B7 
coupled to decoder 1368 is used lo control the physical transponder tuning function. Additionally, tuning 
microprocessor 1376 could also control volume, and display date on the front panel of decoder bwc 1390. 
Importantly, tuning microprocessor 1376 provides tuning information to box 1392 via decoder 1368 to allow 
demultiplej<er 1392 to select a particular digital subchannel from all incoming signals contained within a 
> particular channel. Specifically, the display end communicatwn's processor 870 receives unencrypted 
channel location bits which allow it to Jocate and select a particular transponder number (or channel 
number) and sub-transponder <or subchannel number). This channel map ts mora fully described in 
application entitled VIRTUAL CHANNELS FOR A MULTIPLEXED ANALOG COMPONENT (MAC) TELEVI- 
SION SYSTEM,, having serial number , incorporated herein by referwoe. Additionally, the 

video doorypbon eeed from the security modules is also transmitted to bo^c 1392 to allow the selected 
subchannel to be decrypted. wiecrea 

Box 1392 corrects error in the signal using a forwand en-or correction method (FEC) with checksum or 
panty brts. .The s^nal is domultiplexed with the selected subchannel input to video decompressor 1393 
Typical digital video decompression would be discrete cosine transform (DC-O or other digital high 
compression technique known by those skilled In the art. 

The decomprossod/texpanded digital video signals are then decrypted in docryptor 1399. If video 
signals are to be transmitted digitally, digital encryphon using a key number rather than the p^vicusly 
described scrambling of analog signals using a seed is preferred. Consequently. e>demat and intcmal 
securrty modules 1314 and 1319 r^sp^Jvely, of decoder 1368 provide decryption keys to docryptor 1399 
Funcboning of security modules 1314 and 1319 are Identfcal to that previously described above. 
^M^r^^ ti^c'VPted decomprossod/expanded digital video signals are then pracessed for rolomiatJon to a B- 
t\,T^P ^""^^^^ by those ekilted in the art. TT,e expanded digital video cignols ere input 

Signals U and V are also stored on a frame basis. Box 1392 also inputs B-MAC data to store control 1394 
which outputs tfie stored lumlnanco and chrominance ^rtores at correctly timed intervals through D/A 
Z^TJ ^''1^'"''"' ^'^"^^ ^"^•'^9 ^ "^^^ ar^ typical B-MAC signals having 

B.ljiZ\7^''^r^^^ decompress and expand the low bit rate signal into a full 

auJ^oarr^^orT Z addressed data packets 9c and 9h. teletext and digital 

audio aro uncompr^ssod and are passed out tc decoder 1363 without decompression in side-car 1390. 

JI!! ^"""'^^ microprocessor controlled so that a "compression-enable" bH in the system data 

or address data packet is read and causes switch 1367 to enable the decompression digital side-car 1390 
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to b9 enabled. Thus, the decoder 1306 with digital side-car 1390 may be able to receive and descramble 
both analog and digital video signals. Furthermore, tap 1397 is provided in Figure 13 as a loop This looo 
could be a single lead, however, the loop pnwides for additional flexibility of expansion. 

While the present invention has been disclosed with respect to a preferred embodiment and modifica- 
tions thereto, further modifications will be apparent to those of ordinary skill in the art within the scope of 
the claims that follow. It is not intended that the im/enHon be limited by the disclosure, but instead that its 
scope be determined entirely by reference to the claims which follow. 



Claims 



TO 



so 



1. A system ftor cooperating wHh a satellite transponder (1205). the system comprising- 

a master upfink capable of transmittlno a plurality of program signals to the satellite transponder- 
a first source of proflram signals, the first source providing a first program signal to the master 
™ transrnitted to the satellite transponder as one of the plurality of program signals, the first 

>s program sional including subsctiber infomtiatioo: and 

at least one additional source of additional program signals, a first additionai source providing a first 
addibonal program signal to the satelRte transponder, the first additional source including (i) means for 
extracting tlie subscriber Information from the first program signal, and {!!) means for inseding the 
subscriber information in a first different program signal to form the first additional program signal. 

A system according to claim 1 , wherein: 

the satellite transponder (1205) retransmits the plurality of program signals received from the 
master uplink as a plurality of retransmitted program signals: 

the means for extracting the subscriber information includes (i) means for receivirtg a first 
retransnriitted program signal corresponding to the rirst program signal, and (ii) means for stripping out 
all signal parts except the subscriber infonnation: and 

tfie rneans for insertino the subscriber infomnation Includes <I) means for multiplexing the sub- 
scriber informaton mto the first different program signal to form the fi«t addrtional programligral and 
21 maans lor providing the first additional program signal to the master uplink for transmission to 
the satellite transponder as an additional signal of the piuiallty of program signals. 

f """"Jil!? *° ^ °' ^"^"^ ^' "^'^^ subscriber information includes at least one of 
system data packets and addressed data packets. 

telSSU sIS*'"^ *° ^ preceding daim. wherein at least one of the plurality of program signals is a 

teSn sIg'S*"*' ^ '^^ °' ^ "^"'^^ °^ '^'^ ^'^^ « B-MAC type 

nS'^dll^^S'S ."''^^"^^^ * cooperating with a satellite transponder 

p-ius; according to claim 1. the method comprising the steps of: 
providing the subscriber information at a first source: 
providing a plurality of program signals at a plurality of second sources- 
transmitting the subscriber information to the plurality of second sources- 
enmh!!!^?"'"^ T'' information with a plurality of program signals to produce a plurality of 

transmitting the plurality of combined signals to at least one subscriber. 
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